CVE-2020-7130 — Sensitive Information Exposure in Packard Enterprise HPE Oneview Global Dashboard

CWE-200 — Sensitive Information Exposure4 documents4 sources

Severity

7.5HIGHNVD

EPSS

4.2%

top 11.18%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Hewlett Packard Enterprise HPE Oneview Global Dashboard HP Oneview Global Dashboard

Timeline

PublishedMar 4

Latest updateSep 6

Description

HPE OneView Global Dashboard (OVGD) 1.9 has a remote information disclosure vulnerability. HPE OneView Global Dashboard - After Upgrade or Install of OVGD Version 1.9, Appliance Firewall May Leave Ports Open. This is resolved in OVGD 1.91 or later.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶NVDhp/oneview_global_dashboard1.9

▶CVEListV5hewlett_packard_enterprise/hpe_oneview_global_dashboard1.9

🔴Vulnerability Details

GHSA

GHSA-x8mr-64rx-qcvm: HPE OneView Global Dashboard (OVGD) 1↗2022-05-24

▶

CVEList

CVE-2020-7130: HPE OneView Global Dashboard (OVGD) 1↗2020-03-04

▶

💬Community

HackerOne

The dashboard is exposed in https://███↗2022-09-06

▶